1:讓Apache的索引顯示支援中文檔案和目錄
[[email protected] ~]# tail /usr/local/apache2/conf/extra/httpd-vhosts.conf
<VirtualHost 192.168.122.30:80>
DocumentRoot "/home/share"
<Directory /home/share>
Options indexes followsymlinks
order deny,allow
allow from all
</Directory>
ServerName 192.168.122.30
</VirtualHost>
[[email protected] ~]# ls /home/share/
10網段改造問題.txt docs.zip IPVS.doc 中文目錄
boot.tgz exam2.JPG putty.exe 資料庫
[roo[email protected] ~]# grep -i 'utf-8' /usr/local/apache2/conf/httpd.conf
AddDefaultCharSet UTF-8
IndexOptions Charset=UTF-8
2:過濾Apache可讀取的檔案類型,讓特定類型的檔案不能被通路
[email protected] ~]# grep -A 3 -E '(exe|zip)' /usr/local/apache2/conf/httpd.conf |grep -v '#'
<FilesMatch "/.(exe|zip)$">
Order allow,deny
Deny from all
</FilesMatch>
[[email protected] ~]# tail -f /usr/local/apache2/logs/error_log
[Thu May 20 14:44:25 2010] [error] [client 192.168.122.1] client denied by server configuration: /home/share/docs.zip
[Thu May 20 14:44:25 2010] [error] [client 192.168.122.1] client denied by server configuration: /home/share/putty.exe
3:重定向,重定向主要有temp,permanent,gone,seeother四種;
temp:臨時重定向,用于檔案目前不存在所請求的位置,将來預期會出現在該位置上時的臨時重定向
permanent:永久重定向,同temp的情況相反
gone:表示檔案不在此位置,以後也不應該再詢問了,但gone承認檔案曾經存在過,同404錯誤情況不同,這不會被認為是錯誤
seeother:告知用戶端原始檔案已經不存在,并且被不同位置的其他檔案所替代
預設情況下,如果沒有設定關鍵字,會使用臨時重定向
<VirtualHost 192.168.122.30:80>
DocumentRoot "/home/share"
ServerName 192.168.122.30
Redirect Permanent / http://hi.baidu.com/naruto6006
</VirtualHost>
[[email protected] ~]# tail -f /usr/local/apache2/logs/access_log
192.168.122.1 - - [20/May/2010:15:03:29 +0800] "GET / HTTP/1.1" 301 238
4:apache 檢視status和info資訊
[[email protected] ~]# grep 'info' /usr/local/apache2/conf/httpd.conf |grep -v '#'
Include conf/extra/httpd-info.conf
[[email protected] ~]# grep -A 5 -E '(status|info)' /usr/local/apache2/conf/extra/httpd-info.conf |grep -v '#' |uniq
<Location /server-status>
SetHandler server-status
Order deny,allow
Deny from all
Allow from 192.168.122.60
</Location>
<Location /server-info>
SetHandler server-info
Order deny,allow
Deny from all
Allow from 192.168.122.60
</Location>
5:配置防盜鍊
第一種方法,使用SetEnvIfNoCase實作
<FilesMatch "/.(jpg|jpeg|gif|png)$">
SetEnvIfNoCase Referer "^http://([^/]*/.)?yang.com" local_referrer=1
Order Allow,Deny
Allow from env=local_referrer
</FilesMatch>
第二種方法,使用rewrite規則實作
[ro[email protected] ~]# /usr/local/apache2/bin/apachectl -l |grep rewrite
mod_rewrite.c
<VirtualHost 192.168.122.30:80>
DocumentRoot "/home/share"
ServerName 192.168.122.30
<Directory /home/share>
Options indexes followsymlinks
AllowOverride All
order deny,allow
allow from all
</Directory>
</VirtualHost>
[[email protected] ~]# cat /home/share/.htaccess
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://([^/]*/.)?yang.com$ [NC]
RewriteRule .*/.(gif|jpg|swf)$ http://www.yang.com/about/nolink.png [R,NC]
httpd.conf 檔案裡的配置,是在 apache 啟動時一次讀取,效率很高
.htaccess 檔案裡的配置,每次通路都需要讀取分析,效率很低;
6:mpm多路處理子產品調優;以下列出了不同作業系統上預設的MPM。如果你在編譯時沒有進行選擇,将預設選擇的 prefork;
BeOS beos
Netware mpm_netware
OS/2 mpmt_os2
Unix prefork
Windows mpm_winnt
core: Apache HTTP伺服器核心提供的功能,始終有效;
mpm_common: 收集了被多個多路處理子產品(MPM)實作的公共指令;
beos: 專門針對BeOS優化過的多路處理子產品(MPM);
event: 一個标準workerMPM 的實驗性變種;
mpm_netware: 專門為Novell NetWare優化的線程化的多路處理子產品(MPM);
mpmt_os2: 專門針對OS/2優化過的混合多程序多線程多路處理子產品(MPM);
prefork: 一個非線程型的、預派生的MPM;
mpm_winnt: 用于Windows NT/2000/XP/2003 系列的MPM;
worker: 線程型的MPM,實作了一個混合的多線程多處理MPM,允許一個子程序中包含多個線程;
[[email protected] ~]# /usr/local/apache2/bin/apachectl -l|grep -E '(work|prework|event)'
worker.c
[[email protected] ~]# grep 'mpm' /usr/local/apache2/conf/httpd.conf
Include conf/extra/httpd-mpm.conf
修改/usr/local/apache2/conf/extra/httpd-mpm.conf檔案MPM子產品如下:
<IfModule mpm_worker_module>
ServerLimit 100 //最大允許100子程序數
ThreadLimit 200 //最大允許200子線程數
StartServers 10 //Apache啟動立即産生10個子程序
MaxClients 3200 //允許最大的客戶數
MinSpareThreads 320 //最少有320個空線程
MaxSpareThreads 450 //最多有450個空線程
ThreadsPerChild 32 //一個子程序有32個常駐線程
MaxRequestsPerChild 1000 //每個子程序在其生存期内允許的最大請求數量
</IfModule>
7:虛拟目錄和網站别名
<VirtualHost 192.168.122.30:80>
DocumentRoot "/home/share"
ServerName 192.168.122.30
ServerAlias www.yang.com
Alias /test "/tmp"
<Directory /tmp>
Options indexes followsymlinks
order deny,allow
allow from all
</Directory>
<Directory /home/share>
Options indexes followsymlinks
AllowOverride All
order deny,allow
allow from all
</Directory>
</VirtualHost>
C:/Documents and Settings/yang>ping www.yang.com
Pinging www.yang.com [192.168.122.30] with 32 bytes of data:
Reply from 192.168.122.30: bytes=32 time<1ms TTL=64
8:Apache URL忽略大小寫
[roo[email protected] share]# /usr/local/apache2/bin/apachectl -l |grep spel
mod_speling.c
[[email protected] ~]# grep 'checkspelling' /usr/local/apache2/conf/httpd.conf
checkspelling on
9:AB性能測試
[[email protected] ~]# /usr/local/apache2/bin/ab -n 1000 -c 100 http://192.168.122.30/boot.tgz //n代表請求1000次,c代表同時發送100個請求
This is ApacheBench, Version 2.3 <$Revision: 655654 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/
Benchmarking 192.168.122.30 (be patient)
Completed 100 requests
Completed 200 requests
Completed 300 requests
Completed 400 requests
Completed 500 requests
Completed 600 requests
Completed 700 requests
Completed 800 requests
Completed 900 requests
Completed 1000 requests
Finished 1000 requests
Server Software: Apache/2.2.14
Server Hostname: 192.168.122.30
Server Port: 80
Document Path: /boot.tgz
Document Length: 5548786 bytes
Concurrency Level: 100
Time taken for tests: 8.481 seconds
Complete requests: 1000
Failed requests: 0
Write errors: 0
Total transferred: 5549070000 bytes
HTML transferred: 5548786000 bytes
Requests per second: 117.91 [#/sec] (mean)
Time per request: 848.119 [ms] (mean)
Time per request: 8.481 [ms] (mean, across all concurrent requests)
Transfer rate: 638945.27 [Kbytes/sec] received
Connection Times (ms)
min mean[+/-sd] median max
Connect: 0 1 1.3 0 11
Processing: 6 786 828.4 496 6399
Waiting: 0 548 881.3 200 5877
Total: 6 787 828.2 497 6399
Percentage of the requests served within a certain time (ms)
50% 497
66% 636
75% 749
80% 908
90% 1719
95% 2660
98% 3559
99% 4116
100% 6399 (longest request)
[[email protected] # uptime //檢視系統負載情況
11:00:35 up 2:00, 2 users, load average: 13.75, 3.06, 1.00
10:隐藏系統資訊和Apache的版本資訊
[[email protected] ~]# curl -I http://192.168.122.30
HTTP/1.1 200 OK
Date: Mon, 24 May 2010 03:11:54 GMT
Server: Apache/2.2.14 (Unix) DAV/2 PHP/5.2.9
Content-Type: text/html;charset=UTF-8
[[email protected] ~]# grep 'default.conf' /usr/local/apache2/conf/httpd.conf |grep -v '^#'
Include conf/extra/httpd-default.conf
[[email protected] ~]# grep -E '(Prod|Off)' /usr/local/apache2/conf/extra/httpd-default.conf |grep -v '^#'
UseCanonicalName Off //UseCanonicalName、UseCanonicalPhysicalPort指令用來決定怎樣建構自引用 URL
ServerTokens Prod //設定伺服器HTTP響應頭字段的值
ServerSignature Off //隐藏Apache版本資訊
HostnameLookups Off //關閉名字解析
[[email protected] ~]# curl -I http://192.168.122.30
HTTP/1.1 200 OK
Date: Mon, 24 May 2010 03:19:38 GMT
Server: Apache
Content-Type: text/html;charset=UTF-8